Included in this issue: ICO to review Whatsapp privacy policy changes; Criminal conviction serves as a reminder to register with the ICO; Information Commissioner upbeat about UK data protection laws post Brexit

United Kingdom

ICO to review Whatsapp privacy policy changes

The Information Commissioner's Office (ICO) has confirmed that it will be reviewing Whatsapp's updated privacy policy to ensure that it is compliant with UK data protection laws. Whatsapp, the mobile messaging application which was acquired by Facebook in 2014, recently announced changes to its privacy policy indicating that it would share more data with Facebook (including users' phone numbers) and let some companies message users. It will also share information about when users last used the service, but content of users' messages shall remain private.

Whatsapp has hit back at criticism, arguing that these changes could transform communications between companies and customers. For example, airline flight alerts or bank balance information could be communicated via Whatsapp, and "marketing" messages could also be sent. This recent announcement is a change in attitude for Whatsapp whose creators took to writing blog posts back in 2012 which stated such things as, "Advertising isn't just the disruption of aesthetics, the insults to your intelligence and the interruption of your train of thought."

Elizabeth Denham, the Information Commissioner at the ICO has issued the following statement: "the changes WhatsApp and Facebook are making will affect a lot of people. Some might consider it’ll give them a better service, others may be concerned by the lack of control". It will be interesting to see how the ICO's analysis develops in the next coming weeks.

There are over 1 billion active users worldwide using Whatsapp in a given month. Whatsapp has advised its users that they will be provided with an update which will allow users to choose to opt out of having their information shared. Whether this mechanism will work in practice is yet to be seen, especially in light of the recent issues with Facebook opt-outs that do not work. Users are advised to review their account settings and change these manually.

BBC news coverage is available here

The ICO statement is available here

Criminal conviction serves as a reminder to register with the ICO

Telecommunications provider Bizcall Communications Limited has been found guilty of processing personal data without having an entry in the register maintained by the Information Commissioner. The company was prosecuted under section 17 of the Data Protection Act 1998, and fined £650. The Data Protection Act 1998 requires every organisation that processes personal information to register with the Information Commissioner’s Office (ICO), unless they are exempt. Failure to do so is a criminal offence so organisations handling personal data must make sure to register with the ICO to avoid prosecution.

The ICO announcement is available here

Information Commissioner upbeat about UK data protection laws post Brexit

Elizabeth Denham, has stated that the UK is well equipped to deal with changes to data protection laws following the vote for Brexit in June. In her first newsletter since taking the role as Information Commissioner, she stated that, "The result of the EU referendum and its impact on data protection reforms will undoubtedly create uncertainty, as any period of flux does. It’s clear to me though that the UK is well equipped to navigate the changes ahead successfully. Data protection is a team sport. Effective regulation requires engagement with the public sector, with industry, with civil society and with the public at large." It will be interesting to see how the ICO reaches out to industries and the public over the coming years and the effect it has on UK data protection laws.

The ICO newsletter is available here

Helena Brown

Helena Brown

Partner, Commercial and Data Protection & Head of Data
Edinburgh, UK

View profile